FAU Study Finds Upcoming Grads will Violate HIPAA for Money
Existing healthcare professionals in the United States are no strangers to the privacy restrictions and rules that they must abide by in order to keep protected health information (PHI) safe and avoid penalties from the HHS. However, a new study conducted by Florida Atlantic University, Baylor University and the State University of New York at Buffalo reveals that the upcoming group of graduates may be willing to violate those important regulations for a certain amount of money.
Background on Insider Breaches
The Health Insurance Portability and Accountability Act of 1996 (or HIPAA) is the federal law that mandates the requirements and safeguards that must be put in place by all organizations with employees who have access to protected health information. The regulations are key to the effective and secure operation of the healthcare system, and that is something that all members of these organizations should be aware of and comply with.
The healthcare industry is the only sector that is home to more insider breaches of privileged information than external ones. This means that human error or abuse of privileged access within healthcare organizations accounts for most of the cybersecurity incidents that occur and jeopardize PHI. This high level of risk and the high value of stolen healthcare information is what led the researchers to create a study to find the influence of monetary rewards on upcoming
In this study, the researchers created five scenarios to determine the probability that one of these soon-to-be graduates would knowingly violate HIPAA and its privacy requirements.
The first three scenarios described the survey-taker as a nurse, doctor and then insurance agent, each violating HIPAA with a range of monetary incentive options for the participants to choose from. In each of these situations, the salaries differed, as they do in reality, which gave participants another factor to weigh when gauging the perceived level of risk and therefore the amount that would be needed to make the violation worth it.
In the final two scenarios, the researchers made the situations personal, which resulted in much higher percentages of people willing to accept money in exchange for this violation. The fourth situation involved knowingly violating HIPAA in order to gain money to fund an experimental operation that the participant’s mother needs. The last scenario dealt with the participant’s best friend needing an ambulance airlift to be paid for with that money.
What the researchers found was that in the nursing scenario 45.9% of participants elected to receive some amount of money for violating HIPAA. In the doctor story, 35.4% of participants would accept some level of monetary compensation for a violation. The insurance agent scenario saw 45.1% of people choose the money in exchange for committing a violation.
In the last two scenarios, when the personal aspect was introduced, the percentages of people willing to commit a HIPAA violation increased dramatically. In order to receive $100,000 for a procedure for their mother, 78.4% of participants said they would sell a politician’s PHI to the media. In the very last scenario, 64.6% of participants would give a famous person’s medical records for $50,000 to help their best friend receive the medical transportation she needed.
Overall, the number of study participants who were willing to violate HIPAA was much higher than the researchers were expecting based on their pilot study. Two out of their three hypotheses were supported, only with much higher values than initially predicted. They found that 14.1% of the participants did not choose to take any amount of money for any of the violations throughout the study.
This research study highlights the importance of organizations implementing proper HIPAA policies & procedures and carefully training all employees on the personal and organization-wide risks of noncompliance.
Accountable exists to simplify HIPAA and provide a simple framework that helps organizations complete all of the administrative requirements - like annual training and risk assessments. Plus, you can get started for free today!